AR HB1704

Prohibits all public entities funded by taxpayer money from paying ransoms in response to cyberattacks, effective January 1, 2025 for state agencies and January 1, 2027 for political subdivisions, schools, and higher education institutions.

Requires all covered public entities to establish a written cyberattack policy that explicitly prohibits ransom payments.

Defines "public entity" to include state departments, constitutional officers, political subdivisions, school districts, charter schools, higher education institutions, courts, and transportation agencies.

Establishes legislative findings citing data that 80% of ransom-paying entities experience a second cyberattack, only 52% successfully recover data on first payment, and at least 41% must pay a second ransom.

Defines key terms including "cyberattack" as an attack or cybersecurity breach on a public entity and "ransom" as money demanded by a third party to stop or limit damage to entity operations.